wip

charts/datree-admission-webhook/templates/deployment.yaml

@@ -106,7 +106,7 @@ spec:
             - containerPort: 5555
               name: debug
           volumeMounts:
-            - mountPath: /app/folder
+            - mountPath: /etc/webhook-certs
               name: volume
             - name: webhook-tls-certs
               mountPath: /run/secrets/tls

internal/startup/startup.go

@@ -116,7 +116,7 @@ func Start() {
 	internalLogger.LogInfo(fmt.Sprintf("server starting in webhook-version: %s", config.WebhookVersion))
 
 	// start server
-	if err := http.ListenAndServeTLS(":"+port, cert_manager.CertPath, cert_manager.KeyPath, nil); err != nil {
+	if err := http.ListenAndServeTLS(":"+port, cert_manager.TlsCertPath, cert_manager.TlsKeyPath, nil); err != nil {
 		err = http.ListenAndServe(":"+port, nil)
 		if err != nil {
 			fmt.Println("Failed to start http server", err.Error())

pkg/cert-manager/cert-manager.go

@@ -15,9 +15,9 @@ import (
 	"time"
 )
 
-const certsFolder = "/app/folder/certs"
-const CertPath = certsFolder + "/tls.crt"
-const KeyPath = certsFolder + "/tls.key"
+const certsFolder = "/etc/webhook-certs"
+const TlsCertPath = certsFolder + "/tls.crt"
+const TlsKeyPath = certsFolder + "/tls.key"
 const CaCertPath = certsFolder + "/ca.crt"
 const CaKeyPath = certsFolder + "/ca.key"
 
@@ -43,7 +43,7 @@ func doCertificatesExist() bool {
 		return true
 	}
 
-	return doesFileExist(CertPath) && doesFileExist(KeyPath) && doesFileExist(CaCertPath) && doesFileExist(CaKeyPath)
+	return doesFileExist(TlsCertPath) && doesFileExist(TlsKeyPath) && doesFileExist(CaCertPath) && doesFileExist(CaKeyPath)
 }
 
 func generateCertificates() {
@@ -124,17 +124,13 @@ func generateCertificates() {
 		Type:  "RSA PRIVATE KEY",
 		Bytes: x509.MarshalPKCS1PrivateKey(serverPrivKey),
 	})
-
-	err = os.MkdirAll("/app/folder/certs/", 0666)
-	if err != nil {
-		log.Panic(err)
-	}
-	err = writeFile("/app/folder/certs/tls.crt", serverCertPEM)
+
+	err = writeFile(TlsCertPath, serverCertPEM)
 	if err != nil {
 		log.Panic(err)
 	}
 
-	err = writeFile("/app/folder/certs/tls.key", serverPrivKeyPEM)
+	err = writeFile(TlsKeyPath, serverPrivKeyPEM)
 	if err != nil {
 		log.Panic(err)
 	}

pkg/k8sClient2/k8sClient2.go

@@ -2,9 +2,11 @@ package k8sClient2
 
 import (
 	"context"
+	"fmt"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+	"os"
 )
 
 type k8sClientInterface interface {
@@ -33,27 +35,31 @@ func NewK8sClient() (*k8sClient, error) {
 	}, nil
 }
 
-func (kc *k8sClient) ActivateValidatingWebhookConfiguration(certPath string) error {
-	//certificateContent, readFileError := os.ReadFile(certPath)
-	//if readFileError != nil {
-	//	return readFileError
-	//}
+func (kc *k8sClient) ActivateValidatingWebhookConfiguration(caCertPath string) error {
+	certificateContent, readFileError := os.ReadFile(caCertPath)
+	if readFileError != nil {
+		return readFileError
+	}
+
+	fmt.Println("@@@@@@@@@@@@@@@@@")
+	fmt.Println(string(certificateContent))
+	fmt.Println("@@@@@@@@@@@@@@@@@")
 
-	result, err := kc.clientset.AdmissionregistrationV1().ValidatingWebhookConfigurations().Get(context.TODO(), "datree-webhook", metav1.GetOptions{})
+	existingValidatingWebhookConfiguration, err := kc.clientset.AdmissionregistrationV1().ValidatingWebhookConfigurations().Get(context.TODO(), "datree-webhook", metav1.GetOptions{})
 	if err != nil {
 		return err
 	}
 
-	// update the CABundle from PLACEHOLDER to the actual certificate from cert-manager
-	//result.Webhooks[0].ClientConfig.CABundle = certificateContent
+	// update the CABundle from PLACEHOLDER to the actual certificate from persistent volume
+	existingValidatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = certificateContent
 
 	// remove the match expression at index 1, which is responsible for disabling the webhook
-	matchExpressions := result.Webhooks[0].NamespaceSelector.MatchExpressions
+	matchExpressions := existingValidatingWebhookConfiguration.Webhooks[0].NamespaceSelector.MatchExpressions
 	if len(matchExpressions) > 1 {
-		result.Webhooks[0].NamespaceSelector.MatchExpressions = append(matchExpressions[:1], matchExpressions[2:]...)
+		existingValidatingWebhookConfiguration.Webhooks[0].NamespaceSelector.MatchExpressions = append(matchExpressions[:1], matchExpressions[2:]...)
 	}
 
-	_, err = kc.clientset.AdmissionregistrationV1().ValidatingWebhookConfigurations().Update(context.TODO(), result, metav1.UpdateOptions{})
+	_, err = kc.clientset.AdmissionregistrationV1().ValidatingWebhookConfigurations().Update(context.TODO(), existingValidatingWebhookConfiguration, metav1.UpdateOptions{})
 	if err != nil {
 		return err
 	}